CHK NVD : CVE-2021-46950 - 4bc99bfc

[witchcraze]

[CVE Configuration Update Request] Update Suggestion - CVE-2021-46950 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2021-46950 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2021-46950.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2021-46950.json

- CVE-2021-46950
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.233
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.191
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.36
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11.0 up to (excluding) 5.11.20
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.12.0 up to (excluding) 5.12.3
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.13.0 up to (excluding) 5.13
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.118
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.233
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.191
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.36
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.11.20
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.12.3
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.13
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.118
- Reference (Commit)
  - md/raid1: properly indicate failure when ending a failed write request
    - Fixed by
      - 4.14.233 (12216d0919b64ee2ea5dc7a50e455670f44383d5)
      - 4.19.191 (a6e17cab00fc5bf85472434c52ac751426257c6f)
      - 5.10.36 (661061a45e32d8b2cc0e306da9f169ad44011382)
      - 5.11.20 (59452e551784b7a57a45d971727e9db63b192515)
      - 5.12.3 (538244fba59fde17186322776247cd9c05be86dd)
      - 5.13 (2417b9869b81882ab90fd5ed1081a1cb2d4db1dd) (upstream)
      - 5.4.118 (6920cef604fa57f9409e3960413e9cc11f5c5a40)
    - Will be introduced by
      - 4.14.147 (900c531899f5)
      - 4.19.77 (1cd972e0a107)
      - 5.2.19 (a1f4fcb88098)
      - 5.3.4 (344242d50f46)
      - 5.4 (eeba6809d8d5)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2021-46950	URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:linux:linux_kernel	4.14.0	4.14.233
cpe:/o:linux:linux_kernel	4.15.0	4.19.191
cpe:/o:linux:linux_kernel	4.20.0	5.4.118
cpe:/o:linux:linux_kernel	5.11.0	5.11.20
cpe:/o:linux:linux_kernel	5.12.0	5.12.3
cpe:/o:linux:linux_kernel	5.5.0	5.10.36

[witchcraze]

- CVE-2021-46950
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.147 up to (excluding) 4.14.233
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.77 up to (excluding) 4.19.191
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.2.19 up to (excluding) 5.3
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.3.4 up to (excluding) 5.4.118
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.36
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.11.20
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.12 up to (excluding) 5.12.3
- Reference
  - https://ubuntu.com/security/CVE-2021-46950
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.233
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.191
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.118
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.36
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.11.20
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.12.3
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.13
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.147
    - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.77
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.2.19
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.3.4
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4
- Reference (Commit)
  - md/raid1: properly indicate failure when ending a failed write request
    - Fixed by
      - 4.14.233 (12216d0919b64ee2ea5dc7a50e455670f44383d5)
      - 4.19.191 (a6e17cab00fc5bf85472434c52ac751426257c6f)
      - 5.4.118 (6920cef604fa57f9409e3960413e9cc11f5c5a40)
      - 5.10.36 (661061a45e32d8b2cc0e306da9f169ad44011382)
      - 5.11.20 (59452e551784b7a57a45d971727e9db63b192515)
      - 5.12.3 (538244fba59fde17186322776247cd9c05be86dd)
      - 5.13 (2417b9869b81882ab90fd5ed1081a1cb2d4db1dd) (upstream)
    - Will be introduced by
      - 4.14.147 (900c531899f5)
      - 4.19.77 (1cd972e0a107)
      - 5.2.19 (a1f4fcb88098)
      - 5.3.4 (344242d50f46)
      - 5.4 (eeba6809d8d5)
- I Checked
  - From ubuntu page
    - Introduced by eeba6809d8d58908b5ed1b5ceb5fcb09a98a7cad Fixed by 2417b9869b81882ab90fd5ed1081a1cb2d4db1dd
  - 2417b9869b81882ab90fd5ed1081a1cb2d4db1dd is written as upstream commit in each ChangeLog
  - eeba6809d8d58908b5ed1b5ceb5fcb09a98a7cad is written in ChangeLog-5.4
  - eeba6809d8d58908b5ed1b5ceb5fcb09a98a7cad is written as upstream commit in each ChangeLog (Introduce)